#!/bin/bash
# The following may be heavily borrowed from, if not 
# copied from, the NSA's December 20, 2007 "Guide to the 
# Secure Configuration of Red Hat Enterprise Linux 5, Revision 2"

# Title -Upgrade Password Hashing Algorithm to SHA-512

#Initialize variables
export PRECHECK="grep 'PASSWDALGORITHM=sha512' /etc/sysconfig/authconfig"
export QUESTION="Would you like to upgrade the password hashing algorithm?"
export DESCRIPTION="The default algorithm for storing password hashes in /etc/shadow is MD5. In release 5.2 (and for those systems fully updated since its release), the algorithms SHA-256 and SHA-512 are available"
export SOLUTION="/usr/sbin/authconfig --passalgo=sha512 --update" 